Nowadays, almost all websites require users to log in by entering a user account and password. To make passwords easier to remember, most users reuse the same password across multiple websites and rarely change it. These poor password habits, combined with vulnerabilities in websites' security measures, lead to frequent account attacks. Most current defenses against account attacks have problems with either security or convenience, so improving user convenience while maintaining security is an important issue for authentication mechanisms today. Through a literature review, this study examines the methods of account attack and the current defense methods and mechanisms against them. Using an empirical research method, it proposes an account security mechanism and the establishment of a MAC authentication center, which can prevent account theft without users being aware of the MAC authentication center's existence and without changing their usage habits.